A port-based peer access control method comprises the steps of: 1) enabling the authentication control entities; 2) the two authentication control entities authenticating each other; 3) setting the status of the controlled port. The method may further comprise enabling the authentication server entity and the two authentication subsystems negotiating a key. By removing the asymmetry of the prior art, the invention offers peer control, distinguishable authentication control entities, good scalability, good security, a simple key negotiation process, a relatively complete system and high flexibility; it therefore satisfies the requirements of central management while resolving the technical problems of prior network access control methods, namely complex process, poor security and poor scalability, and so provides an essential guarantee for secure network access.
Claims, as filed with the USPTO:
1. A port based peer access control method, comprising:
a) initiating authentication control entities respectively located in a user and an access point for communication with each other, wherein each authentication control entity has a unique and independent identity for peer authentication and comprises an authentication subsystem, a controlled port and an uncontrolled port connecting the respective authentication subsystem with a transmission medium, each of said authentication subsystems having authentication and port control functions, and each of said authentication subsystems is connected to its respective uncontrolled port and controls the status of its controlled port as authenticated or unauthenticated;
b) the authentication control entities authenticating each other by communicating through their respective uncontrolled ports between their authentication subsystems, wherein the authentication subsystems complete the authentication process with the participation of an authentication server entity, wherein the authentication server entity communicates to the authentication subsystem of the corresponding authentication control entity the security management information necessary for authentication, and wherein the authentication server entity does not complete the authentication on behalf of the corresponding authentication control entity; and
c) the respective authentication subsystems setting the status of the respective controlled ports as authenticated if the authentication is successful, wherein the controlled port changes from opened to closed (in the sense of a switch: a closed port conducts), allowing packets to pass through, and otherwise setting the status of the respective controlled ports as unauthenticated, wherein the controlled port remains opened;
the authentication control entities negotiating a key, wherein the authentication subsystems comprise a key negotiation function, and when the authentication control entities are authenticating each other the key negotiation can be completed during or after the authentication process: if the key negotiation is performed independently after the authentication is completed, it is completed independently by the two authentication control entities; if the key negotiation is completed simultaneously with the authentication in the authentication process, the authentication subsystem can complete the key negotiation process with or without the assistance of the authentication server entity, or complete the authentication process by itself.
2. The port based peer access control method according to claim 1, characterized in that said authentication server entity stores the security management information of the authentication control entity, and transfers said security management information to the authentication control entity.
3. The port based peer access control method according to claim 1, characterized in that each of said authentication control entities and said authentication server entities can be implemented in a single system or in separate systems, and said single system can comprise one or more authentication control entities.
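The abstract and claims 1 to 3 describe an architecture rather than a wire format, so the following model is an added example written for this page; it is not code from the patent or its assignee. It models the two authentication control entities (user and access point), each with its own authentication subsystem, controlled port and uncontrolled port; the authentication frames cross only the uncontrolled ports; the authentication server entity stores and hands out security management information (claim 2) but never checks a proof itself; each subsystem sets only its own controlled port; and the key is negotiated by the two entities alone after authentication. The credential format (an HMAC key per identity held by the server) and the three-message challenge-response are assumptions chosen to keep the example in the standard library; the claims do not fix the cryptography, and a symmetric verification key that the server can hand to either side means the server must be trusted not to impersonate, which a deployment would avoid with certificates.

```python
"""Model of the port-based peer access control described in the claims.

Assumptions (not from the patent): credentials are per-identity HMAC keys,
the server hands out the peer's verification key on request, and the
session key is derived from the nonces and proofs of the exchange.
"""
import hashlib
import hmac
import secrets


class AuthenticationServerEntity:
    """Stores each entity's security management information (claim 2).

    It only stores and returns that information; it never computes or
    checks an authentication proof on an entity's behalf (claim 1 b).
    """

    def __init__(self):
        self._records = {}  # identity -> verification key (assumed format)

    def register(self, identity, key):
        self._records[identity] = key

    def security_management_information(self, identity):
        return self._records.get(identity)


class ControlledPort:
    """Passes ordinary traffic only in the authenticated state
    (the claim's 'closed', i.e. conducting, switch state)."""

    def __init__(self):
        self.authenticated = False

    def forward(self, frame):
        return self.authenticated


class UncontrolledPort:
    """Always conducts, but accepts only authentication-protocol frames."""

    def forward(self, frame):
        return frame.get("type") == "auth"


def _proof(key, initiator, responder, n_i, n_r, role):
    msg = b"|".join([b"auth", initiator.encode(), responder.encode(), n_i, n_r, role])
    return hmac.new(key, msg, hashlib.sha256).digest()


class AuthenticationControlEntity:
    """User or access point: own identity, own subsystem, own two ports."""

    def __init__(self, identity, key, server):
        self.identity = identity
        self._key = key            # credential known only to this entity
        self.server = server
        self.controlled = ControlledPort()
        self.uncontrolled = UncontrolledPort()
        self.session_key = None

    def prove(self, initiator, responder, n_i, n_r, role):
        return _proof(self._key, initiator, responder, n_i, n_r, role)

    def verify_peer(self, peer_id, proof, initiator, responder, n_i, n_r, role):
        # The subsystem fetches the peer's verification material from the
        # server and performs the check itself; the server is not asked
        # for a verdict.
        peer_key = self.server.security_management_information(peer_id)
        if peer_key is None:
            return False
        expected = _proof(peer_key, initiator, responder, n_i, n_r, role)
        return hmac.compare_digest(proof, expected)

    def negotiate_key(self, n_i, n_r, proof_i, proof_r):
        # Done by the two entities alone, after authentication, without the
        # server (claim 1, final clause).
        self.session_key = hashlib.sha256(
            b"|".join([b"key", n_i, n_r, proof_i, proof_r])).digest()


def peer_authenticate(a, b):
    """Mutual authentication of a (initiator) and b (responder).

    Every protocol frame crosses an uncontrolled port, and each entity
    sets only its own controlled port from its own verdict. Returns True
    only when both sides accepted each other.
    """
    n_a, n_b = secrets.token_bytes(16), secrets.token_bytes(16)
    # 1. a -> b: identity and nonce
    if not b.uncontrolled.forward({"type": "auth", "from": a.identity, "nonce": n_a}):
        return False
    # 2. b -> a: nonce and proof under b's own credential
    proof_b = b.prove(a.identity, b.identity, n_a, n_b, b"responder")
    a.uncontrolled.forward({"type": "auth", "from": b.identity, "nonce": n_b, "proof": proof_b})
    a_ok = a.verify_peer(b.identity, proof_b, a.identity, b.identity, n_a, n_b, b"responder")
    a.controlled.authenticated = a_ok
    if not a_ok:
        return False             # a sends no proof; b's port stays unauthenticated
    # 3. a -> b: a's proof
    proof_a = a.prove(a.identity, b.identity, n_a, n_b, b"initiator")
    b.uncontrolled.forward({"type": "auth", "from": a.identity, "proof": proof_a})
    b_ok = b.verify_peer(a.identity, proof_a, a.identity, b.identity, n_a, n_b, b"initiator")
    b.controlled.authenticated = b_ok
    if not b_ok:
        return False
    a.negotiate_key(n_a, n_b, proof_a, proof_b)
    b.negotiate_key(n_a, n_b, proof_a, proof_b)
    return True


def build_pair(server, sta_key, ap_key):
    """Constructed sample deployment: one user (STA) and one access point (AP)."""
    server.register("STA", sta_key)
    server.register("AP", ap_key)
    return (AuthenticationControlEntity("STA", sta_key, server),
            AuthenticationControlEntity("AP", ap_key, server))
```

Running `peer_authenticate` on a pair from `build_pair` leaves both controlled ports forwarding and both entities holding the same session key; a peer whose credential does not match the server's record is rejected by the other side's own subsystem, and only that side's port decision changes, which is the per-entity port control the claims describe.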
February 21, 2006
May 8, 2012